public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Adding Sigma references to ConfigSecurityPolicy, Diantz, ExtExport & Extrac32 (#184)

Browse Source
This commit is contained in:
frack113
2021-12-06 12:19:01 +01:00
committed by GitHub
parent 2d28767c04
commit 17899acbb0
4 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OSBinaries/Diantz.yml
View File

@@ -24,6 +24,8 @@ Full_Path:
Code_Sample:
- Code:
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/0593446f96c57a8b64e2b5b9fd15a20f1c56acab/rules/windows/process_creation/win_pc_lolbas_diantz_ads.yml
- Sigma: https://github.com/SigmaHQ/sigma/blob/0f33cbc85bf4b23b8d8308bfcc8b21a9e5431ee7/rules/windows/process_creation/win_pc_lolbas_diantz_remote_cab.yml
- IOC: diantz storing data into alternate data streams.
- IOC: diantz getting a file from a remote machine or the internet.
Resources: